Good morning, everyone.

This week I want to let you know about an upcoming change across UT with regards to email, collaboration, file storage, etc. I also want to share a current threat, as well as some security tips. The information contained in this newsletter is important to all faculty, staff, and students, but the majority of the information would be helpful to anyone you know.

Upcoming Change

• Microsoft 365 Transition
  • There has been talk for some time about the University transitioning from Google to Microsoft as the supported university-wide platform for email, collaboration, tools, and storage.
  • I would like to make it very clear that “Gmail” and “Google” being mentioned here refer to the UTK Google app.
  • Last week Dan Harder, the UTK Associate Vice Chancellor of IT and Innovation, Chief Academic Technology Officer, and Deputy CIO, sent an email with information that the time has come to begin the transition.
  • Dan says that between now and January 2026, UT will start moving away from Google and go to Microsoft for email, file sharing and storage, and more.
  • This decision was made as an effort to provide a more reliable, secure, and consistent experience for all faculty, staff, and students, as well as to minimize the cost of maintaining multiple platforms.
  • Dan says that UTK’s OIT will coordinate with campus/institute leadership to determine a timeline to schedule faculty and staff migration for email and Google drive.
  • He adds that OIT will help students move their email to Microsoft Outlook.
  • To learn more about what will happen, please visit UTK’s OIT site Transition to Microsoft, as there are resources available to help you prepare.
  • And while you are waiting to be scheduled, please look at what you have on Google Drive.
  • If you are storing files on Google Drive that you no longer need, go ahead and delete them.
  • If you are using the UTK Gmail account, go ahead and delete any emails you no longer need.
  • And please know that you can call UTK’s OIT HelpDesk if you have any questions throughout this process.

Current Threat

• Fake Text Messages (smishing)
  • Recently a student at one of the UT campuses received a text message saying that her email account was about to be terminated permanently.
  • She was told that she could cancel the shutdown by replying with “NO” and when she did this, she was asked to confirm the passcode found on her Duo app, and then to confirm her student ID.
  • It suddenly turned into a series of ‘confirmations’ of the student’s information, all of which she unsuspectingly provided.
  • The student’s account was not going to be terminated by the campus and the campus was definitely not the sender of the text message.
  • Instead the student’s account was compromised and when an investigation was done, it was found that the information she supplied was used to set up an additional Duo device which allowed the UT account to be fully used by the hacker.
  • Please know that UT will never send you a text message like this!
  • As you know from my many newsletters talking about it, UT will never send an email like this, either.
  • Asking for personal information and Duo codes is NOT going to be done by someone at a UT help desk or other IT support.
  • If you ever receive a text message claiming to be from some form of help desk at UT, please call the UTK OIT HelpDesk at (865) 974-9900.
  • Because fake text message are happening more often, I have included information under “Important Security Tips” below.

Important Security Tips

• Spring Cleaning (but do it more often!)
  • Thoughts of spring make me think about getting rid of all the clutter I don’t need.
  • While digital clutter is far less noticeable for most people, it still takes up space that could be used for more relevant items.
  • Leaving old files on your hard drive can also slow it down as space fills up.
  • Even cloud storage can be cluttered with old and unneeded files.
  • Please take time to clean out your mailbox and your file storage, but please make sure you are following UT Policy FI0120 – Records Management to meet the minimum retention period.
  • Check to make sure you don’t have duplicate files stored in multiple locations.
  • And always make sure you are not storing someone’s Personally Identifiable Information (PII) or sensitive information on your computer unless you have:
    • A verified need-to-know and your job responsibilities require that you have this type of information stored on your computer; and
    • You have let me know that you have type kind of information stored on your computer; and
    • We work together to ensure that the appropriate security controls are in place before you store PII or other sensitive information on your computer. (While we no longer require individuals to complete the annual classification survey for each computer they use, I will continue to work with users who truly have a valid need to store certain data.)

• Fake Text Messages (smishing)
  • Text message scams are on the rise lately and they are a blatant attempt to steal your money and/or information.
  • Just like email scams, there are certain things to look for before acting on that text message.
    • Do you recognize the number?
      • If you don’t know the number, but it looks like it is from a legitimate business make sure you go to the known business’s website and check for any valid contact information or even call the main known number and ask them about the text.
      • If the text says it is from a friend but the number is not right, call the friend’s known number and ask.
    • Is the information relevant and does it make sense?
      • If it seems really odd that a stranger is asking what you are doing, the person texting you is trying to get you to respond even with a simple text of “wrong number.”
      • Once you respond, the scammer is going to try to start a conversation with you to attempt to get any information AND/OR they will log your number as active and sell it on the dark web.
      • Just delete the message right away and report as junk if your phone has that option.
    • Is there a sense of urgency?
      • Just like with email scams, the sense of urgency is used to pressure you to act before you think.
      • Please do not let the pressure get to you, but rather take a step back and think about it.
    • Is there a link in the text message?
      • If so, please don’t click it.
      • If you are asked to click a link to update your personal details for a package delivery or an account verification the scammer is going to collect your personal information when you enter it.
      • Please don’t click on attachments sent via a text message either, unless you are 100% certain it came from someone you know and you are expecting it!
    • Is the content of the message appropriate?
      • You can expect text messages from your known contacts that may include appointment reminders or delivery notifications.
      • You should never receive a text message from anyone asking for or offering financial information, medical diagnoses, job offers, etc.
      • And remember that credible companies and organizations know that they cannot contact you and ask for your password, your SSN, your account number, etc.
    • Does the message offer you some kind of a reward like a gift card?
      • These kinds of messages are meant to reel you in and steal your identity.
      • If you are offered something and you are told that you need to pay shipping, a fee, etc., then delete the message right away.
      • And if you are offered a gift card if you refer friends via a special link, then you and your friends are at risk for having your identities stolen.
  • There are several common scams that you may have already seen, but I want to let everyone know.
    • Text messages from the IRS saying you are owed a refund or you owe them money are very common at this time of year.
      • Know that the IRS will not contact you via text message.
      • If you are worried that the message could be real, call the IRS at its known number and not the number in the text.
    • Another common scam is one that tells you there is a failed delivery and you need to click a link to verify your information.
      • These messages appear to come from any of the common delivery services, but they don’t look quite right.
      • If you are expecting a package, log into the appropriate delivery service’s known site and check; or give them a call at their known number.
    • I have heard a lot of people saying they are getting text messages about overdue toll charges.
      • You should receive this kind of notification in the mail on official letterhead.
      • But often, these “charges” are for toll roads you have probably not even been on.
  • The main takeaways from this are:
    • Do not respond to the text message.
    • Don’t click links in a text message you are not expecting.
    • When in doubt call the known number of the supposed sender to verify the message.
    • You should report the fake text to the FTC by going to https://reportfraud.ftc.gov.
    • Delete the text message and report as junk.

Thank you all for being so security minded. I know that you are paying attention and doing everything possible to help keep the Institute’s data safe, as well as the University’s and your own. I am always here to help you, so don’t hesitate to reach out!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know that address and I can include it. I do this as a blind copy so student names and addresses will not show up!